Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-33608

Confluence is inconsistent in error messages for restricted spaces

XMLWordPrintable

    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Synopsis:

      If you browse to a specific page in a restricted space that you don't have access to, you'll receive a 404 error stating that the page cannot be found, or perhaps that you don't have access to it.

      As per Matt Ryall's comment on CONF-9239, this is to ensure that we do not "leak information about the existence or non-existence of spaces which users don't have permission to see."

      A few comments later in the same ticket, Charles Miller comments that you can bypass the ambiguous 404 message to get a hard "Not Permitted" or "Doesn't Exist" error when browsing to the space key directly.

      If you have a restricted space with the key "RS", and the page title is "Restricted Space Home", the following is true:

      1. Browsing to /display/RS/Restricted+Space+Home produces the ambigous 404 error
      2. Browsing to /display/RS/ displays a "Not Permitted" action.
      3. Browsing to /display/FOO/ (that doesn't exist) displays a "Page Not Found" error.

              Unassigned Unassigned
              dnorton@atlassian.com Dave Norton
              Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: